A Chinese state-sponsored actor, “UNC5147”, has been using open-source tools to attack its victims. Since January, the attacker has used a new command and control (C2) tool, “Vshell”, in its campaign, along with a variant of the “Snowlight” malware. Threat actors are beginning to use open-source tools in their attacks more frequently, taking advantage of their cost-effectiveness. UNC5147 is believed to be a contractor working for the Chinese government and targeting Western countries including the US, UK, and Canada.